Vesta Control Panel - Forum

Community Forum
https://forum.vestacp.com/

Wrong SSL when nginx proxy disabled for a given site?

https://forum.vestacp.com/viewtopic.php?f=11&t=18648

Page 1 of 1

Wrong SSL when nginx proxy disabled for a given site?

Posted: Sun Apr 28, 2019 2:52 pm
by hostmit
Hello. I have ubuntu running vestacp with nginx as proxy and apache serving few websites, all having valid SSL from letsencrypt.

If I disable nginx proxy for any website, when I try to access https://url I'm getting SSL error - cause nginx serves it from another website, on which I didnt disable nginx as proxy.
Whenever I access https://url:8443 - direct apache2 ssl port - I'm getting correct SSL response.

I checked nginx config, it has no default SSL configuration :( Is this a normal behavior or my installation is corrupted?

Is it possible to solve this?

Thanks.

Re: Wrong SSL when nginx proxy disabled for a given site?

Posted: Mon Apr 29, 2019 6:27 am
by hostmit
Upon digging more into this issue I reached dead end.

You can have only 1 app listening on the port. So Once NGINX is up, all goes through it. When u disable nginx in VestaCP - it removes specific nginx conf file.
Now, when u try to access that domain over SSL, nginx has no clue what to do with that request, so it goes on default site conf, getting SSL cert from it, that's why u get an SSL mismatch.

While it's possible to catch_all requests like these, u have to specify cert file anyway, no way around it. There is blind TCP proxy option, but u cant have that up for specific domains, cause it has now clue what's server_name is.

So dead end. You cant disable nginx as proxy and have proper SSL up. :(
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/